Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7973 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
GitLab through 12.7.2 allows XSS. | |||||
CVE-2019-10073 | 1 Apache | 1 Ofbiz | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616 | |||||
CVE-2020-8548 | 1 Masscode | 1 Masscode | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). | |||||
CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | |||||
CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2011-1069 | 1 Phpshop | 1 Phpshop | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPShop through 0.8.1 has XSS. | |||||
CVE-2010-4662 | 1 Pmwiki | 1 Pmwiki | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
PmWiki before 2.2.21 has XSS. | |||||
CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | |||||
CVE-2020-8496 | 1 Kronos | 1 Web Time And Attendance | 2020-02-05 | 3.5 LOW | 4.8 MEDIUM |
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. | |||||
CVE-2020-8493 | 1 Kronos | 1 Web Time And Attendance | 2020-02-05 | 3.5 LOW | 4.8 MEDIUM |
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator. | |||||
CVE-2014-9211 | 1 Clickdesk | 1 Clickdesk | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
ClickDesk version 4.3 and below has persistent cross-site scripting. | |||||
CVE-2019-20174 | 1 Auth0 | 1 Lock | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | |||||
CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | |||||
CVE-2014-5039 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2020-02-05 | 6.8 MEDIUM | 9.6 CRITICAL |
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-3809 | 1 Nokia | 6 1830 Photonic Service Switch-16, 1830 Photonic Service Switch-16 Firmware, 1830 Photonic Service Switch-32 and 3 more | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | |||||
CVE-2014-2843 | 1 Infoware | 1 Mapsuite | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-7054 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-100 4.03B07: cli.cgi XSS | |||||
CVE-2013-2622 | 1 Uebimiau | 1 Uebimiau | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php. | |||||
CVE-2019-17338 | 1 Tibco | 1 Patterns - Search | 2020-02-04 | 3.5 LOW | 5.4 MEDIUM |
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below. | |||||
CVE-2013-2623 | 1 Telaen Project | 1 Telaen | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php. | |||||